Gerchik Trading Ecosystem (GTE) faces a potential data breach that has exposed the sensitive data of approximately 166,000 prospective traders who participated in its online trading training programs between 2020 and 2022.
Security researcher Volodymyr “Bob” Diachenko discovered the breach, which involved an unprotected dataset containing a wealth of information, including names, email addresses, contact numbers, encrypted passwords, IP addresses, geographic locations, and more. The exposed data was in the form of a JSON object; JSON is a format designed for easy human readability and machine interpretation. Efforts to obtain an official response from GTE are ongoing, with no statement received from the company at the time of reporting.
A closer examination of the exposed data shows that each user profile includes distinct identifiers, such as a userID with a unique value and a gerchickID shown as “1f6a-86b5-f1ec6e39c08e.”
The dataset also features fields like updatedAt and createdAt, which follow the ISO 8601 standard for date formatting and likely indicate when each user profile was updated and created. The password field does not show the actual value, suggesting that passwords were encrypted or hashed.
The exposed data also includes email addresses, first names, last names, and a number of registration-related parameters, which shed light on users’ registration environments and locations.
This ongoing situation emphasizes the importance of data security in the digital age. While the incident is currently presumed to be the result of an inadvertent glitch rather than a malicious act, it underscores the need for organizations to maintain robust data protection measures.
The Cyber Express will continue to monitor and update this story as more information emerges, providing insights into the evolving landscape of data breaches and security vulnerabilities.